Appln. No. 09/802,485 

Amdt. Dated December 17, 2004 

Reply to Office Action of June 17, 2004 

Amendments to the Claims:

This listing of the claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims:

1. (Currently Amended) A method for accessing encrypted data by a client, the method 
comprising the steps of:

implementing a multi-party secure computation protocol between a client which has a
client secret and a server which has a server secret to compute a third secret from the client secret
and the server secret, wherein the protocol is implemented so that the client cannot feasibly
determine the server secret and the server cannot feasibly determine the client secret or the third
secret;

receiving by a server from a client client information derived from a first secret wherein
the client information is derived such that the server can not feasibly determine the first secret;

providing to the client by the server intermediate data, the intermediate data derived
responsive to at least the received client information and to a server secret, wherein the
intermediate data is derived such that the client can not feasibly determine the server secret;

authenticating the client by a device, the device storing encrypted secrets and configured
not to provide the encrypted secrets without authentication; and 

after the authenticating step, providing to the client by the device the encrypted secrets, 
wherein the encrypted secrets are capable of being decrypted using a decryption key derived 
from the third secret that is derived from the intermediate data and wherein the multi-party
secure computation protocol implemented between the client and the server is the only multi-
party computation protocol that is implemented in generating the third secret and the decryption
key derived from the third secret.

2. (Currently Amended) The method of claim 4 43 wherein the third secret is derived 
from the intermediate data by use of one of a key derivation function and a hash function. 

3. (Currently Amended) The method of claim + 43 wherein the third secret is the 
intermediate data. 

4. (Original) The method of claim 1 wherein the client first secret comprises at least 
of a PIN, a password, and biometric information. 

5. (Currently Amended) The method of claim ir 43 wherein the intermediate data is 
derived from at least the client first secret and the server secret by use of a blind function
evaluation protocol. 

6. (Original) The method of claim 5 wherein the security of the blind function 
evaluation protocol is based on the problem of extracting roots modulo a composite. 

7. (Original) The method of claim 5 wherein the security of the blind function 
evaluation protocol uses discrete logarithms. 

8. (Currently Amended) The method of claim 1 wherein the authenticating step 
comprises authenticating the client based on a time-dependent code. 

9. (Currently Amended) The method of claim 1 wherein authenticating step 
comprises authenticating the client based on at least one of a PIN, a password, and biometric
information. 

10. (Currently Amended) The method of claim 1 wherein the authenticating step 
comprises authenticating the client based on a secret other than the first client secret.

11. (Currently Amended) The method of claim 1 wherein the authenticating step 
comprises using an authentication secret derived from the third secret intermediate data.

12. (Original) The method of claim 1 wherein the device comprises at least one of a file
server, a directory server, a key server, a PDA, a mobile telephone, a smart card, and a desktop 
computer. 

13. (Original) The method of claim 12 wherein the device comprises at least one secure 
data store, the device requiring authentication before allowing the client access to the data store. 

14. (Original) The method of claim 1 wherein the encrypted secrets comprise a private 
key of a public/private key pair used for asymmetric cryptography.

15. (Original) The method of claim 14 wherein the encrypted secrets comprise a 
signature key used for creating a digital signature. 

16. (Currently Amended) The method of claim 15 wherein the authenticating step 
comprises authenticating the client based on a secret other than the first secret, so that the user 
provides different information to access the device and access the signature key. 

17. (Original) The method of claim 1 wherein the encrypted secrets comprise a secret 
key used for symmetric cryptography.

18. (Original) The method of claim 1 wherein the encrypted secrets comprise at least 
one unit of digital currency. 

19. (Currently Amended) The method of claim i 43 further comprising the step of 
verifying that the client has not exceeded a predetermined number of unsuccessful attempts to 
obtain the intermediate data. 

20. (Currently Amended) The method of claim 19 wherein the verifying step further 
comprises: 

transmitting a challenge code to the client; and 

receiving the result of a cryptographic operation using the challenge code as an input and
using a cryptographic key derived from the encrypted secret. 

Claims 21-30. (Canceled). 

31. (Currently Amended) A The method for decrypting encrypted secrets associated
with a client by a network server, the method of claim 1, further comprising the steps of:

receiving from a client a first secret; 

transmitting client information to a first server, the client information derived from the
first secret such that the first server can not feasibly determine the first secret;

receiving from the first server intermediate data, the intermediate data derived responsive
to at least the client information and to a first server secret, wherein the intermediate data is
derived by the second server such that the server secret cannot feasibly be determined;

deriving a the decryption key from the third secret intermediate data; and

decrypting the encrypted secrets using the decryption key. 

Claims 32-37 (Canceled) 

38. (Currently Amended) A method for authenticating to a network server, the method 
comprising the steps of:

transmitting to a first server client information derived from a first secret wherein the
client information is derived such that the server can not feasibly determine the first secret;

receiving from the first server intermediate data, the intermediate data derived responsive
to at least the received client information and to a server secret, wherein the intermediate data is
derived such that the client can not feasibly determine the server secret;

implementing a multi-party secure computation protocol between a client which has a
client secret and a server which has a server secret to compute a third secret from the client secret
and the server secret, wherein the protocol is implemented so that the client cannot feasibly
determine the server secret and the server cannot feasibly determine the client secret or the third
secret;

at the client deriving a server password by the client from the intermediate data third
secret and a server identifier;

authenticating to the network server using the server derived password, wherein the
multi-party secure computation protocol implemented between the client and the server is the
only multi-party computation protocol that is implemented in generating the third secret and the
password derived from the third secret.

39. (Currently Amended) The method of claim 38 further comprising the step of 
transmitting to the first server by the network server verification that the user has authenticated 
successfully. 

40. (Original) The method of claim 38 wherein the network server is a web server. 

41. (Currently Amended) The method of claim 38 wherein ^ deriving step comprises 
deriving a server password using a key derivation function. 

42. (Canceled) 

43. (New) The method of claim 1, wherein implementing the multi-party secure 
computation protocol involves: 

at the client, using the client secret to compute client information and then sending the 
client information to the server; 

at the server, using the client information and the server secret to compute intermediate 
data and sending the intermediate data to the client; and 

at the client, deriving the third secret from the intermediate data. 

44. (New) The method of claim 1, wherein the multi-party secure computation protocol 
is a blind function evaluation protocol. 

45. (New) The method of claim 44, wherein the blind function evaluation protocol is 
based on discrete-logarithm cryptography. 

46. (New) The method of claim 45, wherein the blind function evaluation protocol is
based on an RSA algorithm.

47. (New) A method for accessing encrypted data by a client, the method comprising:

implementing a multi-party secure computation protocol between a client which has a
client secret and a server which has a server secret to compute a third secret from the client secret
and the server secret, wherein the protocol is implemented so that the client cannot feasibly
determine the server secret and the server cannot feasibly determine the client secret or the third
secret;

authenticating the client by a device, the device storing encrypted secrets and configured 
not to provide the encrypted secrets without authentication; and

after authenticating, providing to the client by the device the encrypted secrets, wherein 
the encrypted secrets are capable of being decrypted using a decryption key derived from the 
third secret and wherein no additional multi-party secure computation protocol involving any 
entity other than the first server is required to enable the client to generate the third secret and the 
key derived from the third secret. 
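
A discrete-logarithm instance of the three-step exchange recited in claims 43 to 45, with the third secret produced by a hash as in claim 2, written as an added example that is not part of the filing. The 256-bit demo group, the hash-to-group step and every function name are assumptions chosen for illustration.

```python
import hashlib, secrets

def _is_prime(n, rounds=24):
    """Miller-Rabin test, used only to build the demo group below."""
    if n < 2 or any(n % s == 0 for s in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits):
    """First P = 2Q + 1 of the given bit length with P and Q both prime."""
    q = (1 << (bits - 2)) | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Assumption: 256-bit demo group; a deployment would use a standardized large group.
P, Q = _safe_prime(256)

def hash_to_group(client_secret: bytes) -> int:
    """Map the client secret (e.g. a password) into the order-Q subgroup by squaring."""
    return pow(int.from_bytes(hashlib.sha512(client_secret).digest(), "big") % P, 2, P)

def client_blind(client_secret: bytes):
    """Client: pick a fresh blinding exponent r and compute the client information."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(client_secret), r, P)

def server_evaluate(client_info: int, server_secret: int) -> int:
    """Server: apply its secret exponent; it sees only the blinded group element."""
    if not 1 < client_info < P or pow(client_info, Q, P) != 1:
        raise ValueError("client information is not in the order-Q subgroup")
    return pow(client_info, server_secret, P)  # intermediate data

def client_finish(r: int, intermediate: int) -> bytes:
    """Client: strip r, then hash the result into the third secret."""
    unblinded = pow(intermediate, pow(r, -1, Q), P)  # hash_to_group(secret)^server_secret
    return hashlib.sha256(unblinded.to_bytes((P.bit_length() + 7) // 8, "big")).digest()
```

The subgroup check in `server_evaluate` rejects low-order inputs such as `P - 1`, which would otherwise leak the parity of the server secret.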